From 09789fb5bda0d391f836e18ce321676b686c33a9 Mon Sep 17 00:00:00 2001 From: Nikos Mavrogiannopoulos Date: Mon, 30 Mar 2015 09:30:37 +0200 Subject: [PATCH] backported fix for stack overflow in DER decoder --- libtasn1-3.8-ltostr.patch | 13 +++++++++++++ libtasn1.spec | 7 ++++++- 2 files changed, 19 insertions(+), 1 deletion(-) create mode 100644 libtasn1-3.8-ltostr.patch diff --git a/libtasn1-3.8-ltostr.patch b/libtasn1-3.8-ltostr.patch new file mode 100644 index 0000000..a447d3a --- /dev/null +++ b/libtasn1-3.8-ltostr.patch @@ -0,0 +1,13 @@ +diff --git a/lib/parser_aux.h b/lib/parser_aux.h +index 1f1aec2..7b2dfd4 100644 +--- a/lib/parser_aux.h ++++ b/lib/parser_aux.h +@@ -52,7 +52,7 @@ void _asn1_delete_list (void); + + void _asn1_delete_list_and_nodes (void); + +-#define LTOSTR_MAX_SIZE 20 ++#define LTOSTR_MAX_SIZE 22 + char *_asn1_ltostr (long v, char *str); + + asn1_node _asn1_find_up (asn1_node node); diff --git a/libtasn1.spec b/libtasn1.spec index 5d1778a..08c44a4 100644 --- a/libtasn1.spec +++ b/libtasn1.spec @@ -1,7 +1,7 @@ Summary: The ASN.1 library used in GNUTLS Name: libtasn1 Version: 3.8 -Release: 2%{?dist} +Release: 3%{?dist} # The libtasn1 library is LGPLv2+, utilities are GPLv3+ License: GPLv3+ and LGPLv2+ @@ -11,6 +11,7 @@ Source0: http://ftp.gnu.org/gnu/libtasn1/%name-%version.tar.gz Source1: http://ftp.gnu.org/gnu/libtasn1/%name-%version.tar.gz.sig Patch1: libtasn1-3.4-rpath.patch Patch2: libtasn1-3.8-octet-string.patch +Patch3: libtasn1-3.8-ltostr.patch BuildRequires: bison, pkgconfig %ifarch %ix86 x86_64 ppc ppc64 BuildRequires: valgrind @@ -54,6 +55,7 @@ data. %patch1 -p1 -b .rpath %patch2 -p1 -b .octet-string +%patch3 -p1 -b .ltostr %build %configure --disable-static --disable-silent-rules @@ -106,6 +108,9 @@ test "$1" = 0 -a -f %_infodir/%name.info.gz && \ %changelog +* Mon Mar 30 2015 Nikos Mavrogiannopoulos - 3.8-3 +- backported fix for stack overflow in DER decoder + * Thu Sep 04 2014 Nikos Mavrogiannopoulos - 3.8-2 - added bug fix for octet string decoding (#1138218)